Scott that is not a vulnerability. Its called active scripting. If you turn it off then www.cnn.com won't load properly either. Its a common integration feature. If you want to disable it properly IE security should have been set-up properly to begin with. Change your internet zone security to HIGH and that page won't load jack other than fire off antivirus warning.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Williams Scott CTR Sent: Thursday, February 28, 2002 12:32 PM To: Exchange Discussions Subject: Exchange nightmares TECH BRIEFING Want To See Something Scary? I thought you might be interested in trying this and then see your hair stand out. When I tried it just now (Wednesday Feb 27, 11am) it still worked. It's real too, yikes. This web page opens up a DOS box on your computer. Someone really interested in destruction would be able to wreak havoc on everyone visiting them. Or, cracked sites might be equipped with this doozy on their home page and all their visitors just beheaded. I'm not sure how you could protect your users against this kind of attack. Suggestions anyone? http://www.w2knews.com/rd/rd.cfm?id=020228TB-Scary _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
